LUGOD: Linux Users' Group of Davis
 
Page last updated:
2001 Dec 30 17:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Re: OpenBSD and Security



Details can be found at www.openbsd.org. It does come with the following
packages which are source-code audited:

OpenSSH 2.3.0
perl 5.6.0 plus patches
Apache 1.3.12 + patches, including Mod_ssl 2.6.2, OpenSSL 0.9.5a
ipf 3.3.18
sendmail 8.10.1
sudo 1.6.3p5
KTH Kerberos 1.0.2

It also has the ports collection, which is not audited by the OpenBSD team.
No, it's not immune to holes in ported packages. However, you do have to go
out and actively install them ... it doesn't come with non-audited software
installed by default. At least you know when you're introducing a possible
security hole, instead of finding out afterwards. It also seems that other
companies are learning from this ... the RedHat Wolverine beta now ships
with services turned off by default, too.

OpenBSD also creates a checklist for locking the system down, which is
reviewed and mailed to root every evening. And the man pages are useful to
boot.

As far as providing a basic, functional OS, I think it does just fine. You
might check it out ... I have a basis for comparison, myself, in securing a
RedHat 7.0 vs. OpenBSD 2.7 box.

OpenBSD has gone 3 years without a remote exploit in the default
installation. I haven't heard of another "mainstream" OS that can make the
same claim.

--Adam

----- Original Message -----
From: "Bill Broadley" <bill@math.ucdavis.edu>
To: <vox-tech@franz.mother.com>
Sent: Wednesday, April 11, 2001 11:28 PM
Subject: Re: [vox-tech] Re: OpenBSD and Security


> What does OpenBSD use for DNS?  Mail delivery?  FTP? NTP? ssh?  Or does
> the installation not include this functionality and rely on the user
> to install them?
>
> Is it somehow immune to the bugs that have plagued all the popular
> distributions?
>
> Or is it just because of a much smaller user base that nobody notices?
>
>
> --
> Bill
>

